spring security 短信验证码登录

已于 2022-08-01 17:32:37 修改
阅读量2.6k 收藏 22
点赞数 2
文章标签: spring
于 2022-08-01 17:30:39 首次发布
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/LiuLiuLiu_guanren/article/details/126105292
版权

短信登录过滤器  SmsAuthenticationFilter 

import org.springframework.lang.Nullable;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.util.Assert;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;


/**
 * 短信登录过滤器
 */
public class SmsAuthenticationFilter extends AbstractAuthenticationProcessingFilter {

    // 设置拦截/sms/login短信登录接口
    private static final AntPathRequestMatcher DEFAULT_ANT_PATH_REQUEST_MATCHER = new AntPathRequestMatcher("/sms/login", "POST");
    // 认证参数
    private String principalParameter = "phone"; //对应手机号
    private String credentialsParameter = "code"; //对应验证码
    private boolean postOnly = true;


    public SmsAuthenticationFilter() {
        super(DEFAULT_ANT_PATH_REQUEST_MATCHER);
    }

    public SmsAuthenticationFilter(AuthenticationManager authenticationManager) {
        super(DEFAULT_ANT_PATH_REQUEST_MATCHER, authenticationManager);
    }

    @Override
    public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException {
        if (this.postOnly && !"POST".equals(request.getMethod())) {
            throw new AuthenticationServiceException("Authentication method not supported: " + request.getMethod());
        } else {

            String phone = this.obtainPrincipal(request);
            phone = phone != null ? phone : "";
            phone = phone.trim();
            String code = this.obtainCredentials(request);
            code = code != null ? code : "";

            SmsAuthenticationToken authRequest = new SmsAuthenticationToken(phone, code);
            this.setDetails(request, authRequest);
            // 认证
            return this.getAuthenticationManager().authenticate(authRequest);
        }
    }

    @Nullable
    protected String obtainCredentials(HttpServletRequest request) {
        return request.getParameter(this.credentialsParameter);
    }

    @Nullable
    protected String obtainPrincipal(HttpServletRequest request) {
        return request.getParameter(this.principalParameter);
    }


    protected void setDetails(HttpServletRequest request, SmsAuthenticationToken authRequest) {
        authRequest.setDetails(this.authenticationDetailsSource.buildDetails(request));
    }


    public void setPrincipalParameter(String principalParameter) {
        Assert.hasText(principalParameter, "principal parameter must not be empty or null");
        this.principalParameter = principalParameter;
    }

    public void setCredentialsParameter(String credentialsParameter) {
        Assert.hasText(credentialsParameter, "credentials parameter must not be empty or null");
        this.credentialsParameter = credentialsParameter;
    }

    public void setPostOnly(boolean postOnly) {
        this.postOnly = postOnly;
    }

    public final String getPrincipalParameter() {
        return this.principalParameter;
    }

    public final String getCredentialsParameter() {
        return this.credentialsParameter;
    }

}

 短信登录令牌        SmsAuthenticationToken

import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.util.Assert;

import java.util.Collection;

/**
 * 短信登录令牌
 */
public class SmsAuthenticationToken extends AbstractAuthenticationToken {


    private static final long serialVersionUID = 1L;

    private final Object phone;
    private Object code;

    public SmsAuthenticationToken(Object phone, Object credentials) {
        super((Collection) null);
        this.phone = phone;
        this.code = credentials;
        this.setAuthenticated(false);
    }

    public SmsAuthenticationToken(Object phone, Object code, Collection<? extends GrantedAuthority> authorities) {
        super(authorities);
        this.phone = phone;
        this.code = code;
        super.setAuthenticated(true);
    }

    @Override
    public Object getCredentials() {
        return this.code;
    }


    @Override
    public Object getPrincipal() {
        return this.phone;
    }

    @Override
    public void setAuthenticated(boolean isAuthenticated) throws IllegalArgumentException {
        Assert.isTrue(!isAuthenticated, "Cannot set this token to trusted - use constructor which takes a GrantedAuthority list instead");
        super.setAuthenticated(false);
    }

    @Override
    public void eraseCredentials() {
        super.eraseCredentials();
        this.code = null;
    }
}

 短信登录校验器

import cn.hutool.core.util.StrUtil;
import com.ruoyi.common.constant.Constants;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.InternalAuthenticationServiceException;
import org.springframework.security.core.AuthenticatedPrincipal;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.stereotype.Component;

import java.security.Principal;

/**
 * 短信登录校验器
 */
@Component
public class SmsAuthenticationProvider implements AuthenticationProvider {

    private SmsUserDetailsService smsUserDetailsService;

    private RedisTemplate<String, String> redisTemplate;

    public SmsAuthenticationProvider(@Qualifier("smsUserDetailsService") SmsUserDetailsService smsUserDetailsService, RedisTemplate<String, String> redisTemplate) {
        this.smsUserDetailsService = smsUserDetailsService;
        this.redisTemplate = redisTemplate;
    }

    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        Object principal = authentication.getPrincipal();// 获取凭证也就是用户的手机号
        String mobile = "";
        if (principal instanceof UserDetails) {
            mobile = ((UserDetails) principal).getUsername();
        } else if (principal instanceof AuthenticatedPrincipal) {
            mobile = ((AuthenticatedPrincipal) principal).getName();
        } else if (principal instanceof Principal) {
            mobile = ((Principal) principal).getName();
        } else {
            mobile = principal == null ? "" : principal.toString();
        }
        String inputCode = (String) authentication.getCredentials(); // 获取输入的验证码
        // 1. 根据手机号查询用户信息
        UserDetails userDetails = smsUserDetailsService.loadUserByUsername(mobile);
        if (userDetails == null) {
            throw new InternalAuthenticationServiceException("用户不存在");
        }
        // 2. 检验Redis手机号的验证码
        String verifyKey = Constants.PHONE_CODE_KEY + mobile;
        String redisCode = redisTemplate.opsForValue().get(verifyKey);
        if (StrUtil.isEmpty(redisCode)) {
            throw new BadCredentialsException("验证码已经过期或尚未发送,请重新发送验证码");
        }
        if (!inputCode.equals(redisCode)) {
            throw new BadCredentialsException("输入的验证码不正确,请重新输入");
        }
        redisTemplate.delete(verifyKey);//用完即删
        // 3. 重新创建已认证对象,
        SmsAuthenticationToken authenticationResult = new SmsAuthenticationToken(principal, inputCode, userDetails.getAuthorities());
        authenticationResult.setDetails(userDetails);
        return authenticationResult;
    }

    @Override
    public boolean supports(Class<?> aClass) {
        return SmsAuthenticationToken.class.isAssignableFrom(aClass);
    }


}

 查询短信登录信息并封装为UserDetails

import com.ruoyi.common.core.domain.entity.SysUser;
import com.ruoyi.common.core.domain.model.LoginUser;
import com.ruoyi.common.enums.UserStatus;
import com.ruoyi.common.exception.ServiceException;
import com.ruoyi.common.utils.StringUtils;
import com.ruoyi.framework.web.service.SysPermissionService;
import com.ruoyi.system.service.ISysUserService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.DisabledException;
import org.springframework.security.authentication.InternalAuthenticationServiceException;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;

/**
 * 查询短信登录信息并封装为UserDetails  这里可以抽取一个抽象类,权限加载和校验租户等逻辑交给父类处理
 */
@Service("smsUserDetailsService")
public class SmsUserDetailsService implements UserDetailsService {
    private static final Logger log = LoggerFactory.getLogger(SmsUserDetailsService.class);

    @Autowired
    private ISysUserService userService;

    @Autowired
    private SysPermissionService permissionService;

    @Override
    public UserDetails loadUserByUsername(String phone) throws UsernameNotFoundException {
        SysUser user = userService.selectUserByPhone(phone);
        if (StringUtils.isNull(user)) {
            log.info("手机号:{} 不存在.", phone);
            throw new InternalAuthenticationServiceException("手机号:" + phone + " 不存在");
        } else if (UserStatus.DELETED.getCode().equals(user.getDelFlag())) {
            log.info("登录用户:{} 已被删除.", phone);
            throw new ServiceException("对不起,您的账号:" + phone + " 已被删除");
        } else if (UserStatus.DISABLE.getCode().equals(user.getStatus())) {
            log.info("登录用户:{} 已被停用.", phone);
            throw new DisabledException("对不起,您的账号:" + phone + " 已停用");
        }

        return createLoginUser(user);
    }

    public UserDetails createLoginUser(SysUser user) {
        return new LoginUser(user.getUserId(), user.getDeptId(), user, permissionService.getMenuPermission(user));
    }
}

 适配器 SmsSecurityConfigurerAdapter

import com.ruoyi.framework.sms.handle.FailAuthenticationHandler;
import com.ruoyi.framework.sms.handle.SuccessAuthenticationHandler;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.SecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.DefaultSecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.stereotype.Component;

/**
 * Author: LiuLin
 * Date: 2022/5/27 16:25
 * Description:
 */
@Component
public class SmsSecurityConfigurerAdapter extends SecurityConfigurerAdapter<DefaultSecurityFilterChain, HttpSecurity> {
    @Autowired
    private SuccessAuthenticationHandler successHandler;
    @Autowired
    private FailAuthenticationHandler failureHandler;
    @Autowired
    private SmsAuthenticationProvider smsAuthenticationProvider;


    @Override
    public void configure(HttpSecurity builder) throws Exception {

        SmsAuthenticationFilter filter = new SmsAuthenticationFilter();
        filter.setAuthenticationSuccessHandler(successHandler);
        filter.setAuthenticationFailureHandler(failureHandler);
        builder.addFilterBefore(filter, UsernamePasswordAuthenticationFilter.class);


        AuthenticationManager authenticationManager = builder.getSharedObject(AuthenticationManager.class);
        filter.setAuthenticationManager(authenticationManager);

        builder.authenticationProvider(smsAuthenticationProvider);

        super.configure(builder);

    }
}

登录失败

import com.alibaba.fastjson.JSONObject;
import com.ruoyi.common.constant.Constants;
import com.ruoyi.common.core.domain.entity.SysUser;
import com.ruoyi.framework.manager.AsyncManager;
import com.ruoyi.framework.manager.factory.AsyncFactory;
import com.ruoyi.system.service.ISysUserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
import org.springframework.stereotype.Component;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

/**
 * Author: LiuLin
 * Date: 2022/5/30 10:19
 * Description:
 */

@Component
public class FailAuthenticationHandler extends SimpleUrlAuthenticationFailureHandler {


    @Autowired
    private ISysUserService userService;

    @Override
    public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
                                        AuthenticationException exception) throws IOException, ServletException {

        String mobile = request.getParameter("phone");
        SysUser sysUser = userService.selectUserByPhone(mobile);
        if (sysUser == null) {
            AsyncManager.me().execute(AsyncFactory.recordLogininfor("未知", Constants.LOGIN_FAIL, "手机号:" + mobile + "不存在"));
        } else {
            AsyncManager.me().execute(AsyncFactory.recordLogininfor(sysUser.getUserName(), Constants.LOGIN_FAIL, exception.getMessage()));
        }

        JSONObject res = new JSONObject();//返回前端数据
        res.put("code", com.ruoyi.common.constant.HttpStatus.ERROR);
        res.put("msg", exception.getMessage());
        response.setContentType("application/json;charset=UTF-8");
        response.getWriter().write(String.valueOf(res));

    }

}

登录成功

import com.alibaba.fastjson.JSONObject;
import com.ruoyi.common.constant.Constants;
import com.ruoyi.common.constant.HttpStatus;
import com.ruoyi.common.core.domain.entity.SysUser;
import com.ruoyi.common.core.domain.model.LoginUser;
import com.ruoyi.common.utils.DateUtils;
import com.ruoyi.common.utils.MessageUtils;
import com.ruoyi.common.utils.ServletUtils;
import com.ruoyi.common.utils.ip.IpUtils;
import com.ruoyi.framework.manager.AsyncManager;
import com.ruoyi.framework.manager.factory.AsyncFactory;
import com.ruoyi.framework.web.service.TokenService;
import com.ruoyi.system.service.ISysUserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
import org.springframework.stereotype.Component;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;


/**
 * Author: LiuLin
 * Date: 2022/5/30 10:18
 * Description:
 */

@Component
public class SuccessAuthenticationHandler extends SavedRequestAwareAuthenticationSuccessHandler {


    @Autowired
    private TokenService tokenService;

    @Autowired
    private ISysUserService userService;


    @Override
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
                                        Authentication authentication) throws ServletException, IOException {


        LoginUser loginUser = (LoginUser) authentication.getDetails();
        recordLoginInfo(loginUser.getUserId());

        AsyncManager.me().execute(AsyncFactory.recordLogininfor(loginUser.getUsername(), Constants.LOGIN_SUCCESS, MessageUtils.message("user.login.success")));

        JSONObject res = new JSONObject();//返回前端数据
        res.put("msg", "操作成功");
        res.put("code", HttpStatus.SUCCESS);
        res.put("token", tokenService.createToken(loginUser));
        response.setContentType("application/json;charset=UTF-8");
        response.getWriter().write(String.valueOf(res));
        //response.getWriter().write(objectMapper.writeValueAsString(res));

    }

    public void recordLoginInfo(Long userId) {
        SysUser sysUser = new SysUser();
        sysUser.setUserId(userId);
        sysUser.setLoginIp(IpUtils.getIpAddr(ServletUtils.getRequest()));
        sysUser.setLoginDate(DateUtils.getNowDate());
        userService.updateUserProfile(sysUser);
    }

}

spring security配置

@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter
{
 
    @Autowired
    private SmsSecurityConfigurerAdapter smsSecurityConfigurerAdapter;

    /**
     * 解决 无法直接注入 AuthenticationManager
     *
     * @return
     * @throws Exception
     */
    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception
    {
        return super.authenticationManagerBean();
    }

    @Override
    protected void configure(HttpSecurity httpSecurity) throws Exception
    {
        httpSecurity
                // CSRF禁用,因为不使用session
                .csrf().disable()
                // 基于token,所以不需要session                        
        .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
                // 过滤请求
                .authorizeRequests()
                // 对于登录login 注册register 验证码captchaImage 允许匿名访问
                .antMatchers("/sms/login", "/sendCode").anonymous()              
        // 添加手机号短信登录
        httpSecurity.apply(smsSecurityConfigurerAdapter);
    }

    /**
     * 强散列哈希加密实现
     */
    @Bean
    public BCryptPasswordEncoder bCryptPasswordEncoder()
    {
        return new BCryptPasswordEncoder();
    }

}

乓乒兵乓乒
关注
  • 2
    点赞
  • 22
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
SpringBoot + SpringSecurity 短信验证码登录功能实现
08-27
SpringBoot + SpringSecurity 短信验证码登录功能实现 本文主要介绍了 SpringBoot + SpringSecurity 短信验证码登录功能实现的详细过程,该功能可以使用户通过手机短信验证码登录系统,而不是传统的用户名密码登录...
SpringSecurity短信验证码登录
Curtisjia的博客
10-31 3013
短信验证码登录 时下另一种非常常见的网站登录方式为手机短信验证码登录,但Spring Security默认只提供了账号密码的登录认证逻辑,所以要实现手机短信验证码登录认证功能,我们需要模仿Spring Security账号密码登录逻辑代码来实现一套自己的认证逻辑。 短信验证码生成 我们先定义一个短信验证码对象SmsCode : public class SmsCode { private String code; private LocalDateTime expireTime;
Spring Security——添加验证码
戏拈秃笔的博客
06-13 830
通过自定义过滤器给项目添加上登录验证码
Spring Security 短信验证码登录(5)
Java是世界上最好的语言
04-25 1505
Spring Security添加图形验证码中,我们已经实现了基于Spring Boot + Spring Security的账号密码登录,并集成了图形验证码功能。时下另一种非常常见的网站登录方式为手机短信验证码登录,但Spring Security默认只提供了账号密码的登录认证逻辑,所以要实现手机短信验证码登录认证功能,我们需要模仿Spring Security账号密码登录逻辑代码来实现一套自己的认证逻辑。 1. 短信验证码生成 我们在Spring Security添加图形验证码的基础上来集成短信验证码
Spring Security短信验证码登录
Yestar123456的博客
12-27 971
Spring Security添加图形验证码一节中,我们已经实现了基于Spring Boot + Spring Security的账号密码登录,并集成了图形验证码功能。时下另一种非常常见的网站登录方式为手机短信验证码登录,但Spring Security默认只提供了账号密码的登录认证逻辑,所以要实现手机短信验证码登录认证功能,我们需要模仿Spring Security账号密码登录逻辑代码来实现一...
5.Spring Security 短信验证码登录
LoveSummer
11-05 1453
Spring Security 短信验证码登录Spring Security 添加图形验证码一节中,我们已经实现了基于 Spring Boot + Spring Security 的账号密码登录,并集成了图形验证码功能。时下另一种非常常见的网站登录方式为手机短信验证码登录,但 Spring Security 默认只提供了账号密码的登录认证逻辑,所以要实现手机短信验证码登录认证功能,我们需要模...
Spring Security 自定义短信验证码登录
taojin12的博客
05-25 628
短信验证码登录的思路,需要通过验证码过滤器,过滤验证码是否正确。次过程和图形验证码校验逻辑完全一样。 之后,需要通过Spring Security 认真的一套逻辑,来去数据库查询用户信息,进行 认证信息 Authentication的封装。 此处案例的Provider认证校验类,只是从数据库查询信息,然后进行封装。实际开发中可能需求不同,按需求进行更改。 发送验证码功能 1、定义验证码实体类 @Data public class ValidateCode { /** * 验证码
Spring Security实现短信验证码登录
波板糖的博客
05-12 1668
概述 手机验证码登录是目前很常见的一种登录方式,本文阐述基于Spring Security快速实现手机验证码登录。本文建立在你对Spring Security基本原理有所了解的基础上,有兴趣的同学戳这里是关于Spring Security基本原理的文章:https://www.jianshu.com/p/e22fdeedc9a3 本文实验环境: SpringBoot:2.2.0.RELEASE IDE:IntelliJ IDEA 2018.2.4 思路 创建手机验证码实体和相关工具(生成器,发送器)
SpringSecurity实现短信验证码登录验证
taojin12的博客
02-15 2646
文章目录1、自己实现一个SmsAuthenticationToken类2、自己实现一个SmsCodeAuthenticationFilter,验证用户3、自己实现一个SmsCodeAuthenticationProvider4、验证码验证过滤器 SpringSecurity进行用户登录认证时,通过UsernamePasswordAuthenticationFilter获取用户信息,获取一个Use...
spring security 实现短信登录---若依RuoYi整合短信验证码登录
2201_75600005的博客
07-07 1152
仿照 UsernamePasswordAuthenticationToken 类,编写短信登录 token 验证。我们自己构造的这个SmsCodeAuthenticationToken 里面不需要传递密码,因为短信登录不需要注意看里面的两个构造函数,有鉴权 就是通过了验证,一般在jwt过滤器中使用有鉴权的这个构造器,第一次登录的时候调用的是没有鉴权的(一般就是已经登陆过了,发送请求的时候从解析出token的userid 去redis中取得认证信息)/*** 自定义短信登录token验证。
Spring Security 实现短信验证码登录功能
08-19
在本文中,我们将深入探讨如何使用Spring Security框架实现短信验证码登录功能。Spring Security是一个强大的安全框架,用于管理和保护Web应用程序的访问控制。在传统的用户名密码登录方式之外,短信验证码登录提供...
SpringBoot 集成 Spring Security短信验证码登录【完整源码+数据库】
02-16
Spring Security 默认是账号和密码登录,现在是对 Spring Security 进行扩展,来实现短信验证码方式登录SpringBoot 集成 Spring Security短信验证码登录【完整源码+数据库】
Spring Security Oauth2.0 实现短信验证码登录示例
08-28
Spring Security Oauth2.0 实现短信验证码登录示例 本篇文章主要介绍了 Spring Security Oauth2.0 实现短信验证码登录示例,具有一定的参考价值。下面是该示例的详细知识点解释: 一、Spring Security Oauth2.0 ...
Spring Security OAuth2集成短信验证码登录以及第三方登录
08-27
Spring Security OAuth2集成短信验证码登录以及第三方登录 Spring Security OAuth2是基于Spring Cloud/Spring Boot环境下使用OAuth2.0的解决方案,为开发者提供了全套的组件来支持OAuth2.0认证。然而,在开发过程中...
免费【2024】springboot 二手图书交易系统的设计与实现
weixin_53646065的博客
08-05 676
随着世界经济信息化、全球化的到来和互联网的飞速发展,推动了各行业的改革。若想达到安全,快捷的目的,就需要拥有信息化的组织和管理模式,建立一套合理、动态的、交互友好的、高效的二手图书交易系统。当前的信息管理存在工作效率低,工作繁杂等问题,基于信息化的二手图书交易管理目前还没有完善的系统机制。
SpringBoot基础 第一天
最新发布
2301_80034662的博客
08-05 305
Person类中利用ConfigurationProperties(prefix=" ")引入配置类中的元素 但是注意Person类中的类的名字必须与application.yaml中一致。如果不是标准的application.properties 是其他的Person类中需要用PropertySource来添加配置文件的路径。给容器中添加组件,将方法的返回值添加到容器中 容器中这个组件的默认ID就是方法名。的配置文件,我们自己编写的配置文件,也不能自动识别;的配置文件,让配置文件里面的内容生效;
【过滤器 vs 拦截器】SpringBoot中过滤器与拦截器:明智选择的艺术(如何在项目中做出明智选择)
weixin_68020300的博客
07-25 1414
本文深入剖析了SpringBoot框架下过滤器与拦截器的核心差异及应用场景,指导开发者在面对请求-响应周期中的不同需求时,如何做出最佳技术选择。无论是实现安全性、日志记录,还是权限控制与数据预处理,本文都将帮助你理解何时何地使用过滤器或拦截器,以构建更加高效、可维护的Web应用程序。通过对比二者的特性与优劣,本文旨在赋能开发者,使其在实际项目中灵活运用这两种强大工具,达成项目目标。
spring security短信验证码登陆
09-16
基于Spring Security实现短信验证码登录的步骤如下: 1. 首先,创建一个`SecurityConfig`类并继承自`WebSecurityConfigurerAdapter`,用于配置Spring Security。 2. 在`configure(HttpSecurity http)`方法中,添加一个自定义的验证码过滤器`ValidateCodeFilter`,并将其放置在`UsernamePasswordAuthenticationFilter`之前。 3. 设置登录页面为自定义的短信验证码登录页面,并配置相应的权限。 4. 禁用跨站请求伪造(CSRF)保护功能。 5. 应用`SmsCodeAuthenticationSecurityConfig`配置,该配置用于处理短信验证码的认证逻辑。
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值